Vulnerability Management Program for Early Threat Detection
John Sandiford, Security Architect at Verizon, on the Essential Steps
Building an effective vulnerability management program requires assessing your inventory to identify the critical, vulnerable, external- and internal-facing applications and applying internal controls to secure them, says John Sandiford, principal security architect at Verizon.
He says understanding risks and prioritizing them to provide the right access to users is a good way to reduce exposure.
In an interview with Information Security Media Group, previewing an upcoming virtual roundtable discussion, Sandiford discusses:
- Identifying software vulnerabilities and developing a strategy to control them;
- The relevance of the "security by design" concept;
- Getting the basics right.
Sandiford has extensive experience in network security and specialized skills in exploit development, security tools and techniques, network and application testing, and design and implementation for enterprises and governments. He has been a technical lead for many engagements, such as security audits of Verizon Security Operations Centers and other security work, including conducting security reviews and testing of a large multinational enterprise, implementing PCI compliance solutions for corporations and managing a global SOC team providing managed security services to large corporations and governments worldwide.